The MAILING DATE of this communication appears on the cover sheet with the correspondence address



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) ☒ Responsive to communication(s) filed on 04 April 2005.
2a) ☒ This action is FINAL. 2b) □ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 1-34 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) ☒ Claim(s) 7-11, 18-22, and 29-33 is/are allowed.

6) ☒ Claim(s) 1-6, 12-17, 23-28 and 34 is/are rejected.

7) □ Claim(s) is/are objected to.

8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) □ The drawing(s) filed on is/are: a) □ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) □ All b) □ Some * c) □ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. .

3. □ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) □ Notice of References Cited (PTO-892)

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08), Paper No(s)/Mail Date .

4) □ Interview Summary (PTO-413), Paper No(s)/Mail Date .

5) □ Notice of Informal Patent Application (PTO-152)

6) □ Other: .

DETAILED ACTION

Response to Amendment 
This office action is in response to amendment filed on 04/04/05. Original application 
contained Claims 1-34. Therefore, presently pending claims are 1-34. 



Response to Arguments 

Applicant's arguments filed 04/04/05 have been fully considered and are not persuasive.

The applicant argued that Jalili does not teach or suggest "submitting information to an
untrusted mechanism," because Jalili's client and Jalili's server trust each other. This is not 
found persuasive. The applicant has misrepresented the teachings of Jalili. Jalili does not teach 
a system with a client and server that have a trusted relationship. The system of Jalili teaches 
clients of various forms including a desktop or laptop computer, an ATM, a credit-card operated 
telephone, a generic key entry pad with visual display capable of displaying icons, or any other 
such system that includes a display device and an input device for entering data (column 5 lines 
15-20). These are untrusted mechanisms that are used by the user to gain access to a secure 
resource. 

In response to applicant's argument that the references fail to show certain features of 
applicant's invention, it is noted that the features upon which applicant relies (i.e., there is no 
teaching or suggestion in Jalili that the client and the server do not trust each other) are not
recited in the rejected claim(s). Although the claims are interpreted in light of the specification,
limitations from the specification are not read into the claims. See In re Van Geuns, 988
F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

In response to applicant's argument that the references fail to show certain features of
applicant's invention, it is noted that the features upon which applicant relies (i.e., data submitted
to the malicious party) are not recited in the rejected claim(s). Although the claims are
interpreted in light of the specification, limitations from the specification are not read into the
claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).

In response to applicant's argument that there is no suggestion to combine the references,
the examiner recognizes that obviousness can only be established by combining or modifying the 
teachings of the prior art to produce the claimed invention where there is some teaching, 
suggestion, or motivation to do so found either in the references themselves or in the knowledge 
generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 
USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992).
In this case, the password that is requested by the system of Jalili is a challenge response system. 
The challenge is the request for the password, and the response is the password that is sent. 
Therefore the system of Kumar and Jalili are analogous and the reason to combine is the request 
for the password of Jalili can be performed in the form of a challenge response of Kumar and 
therefore hiding the password from malicious parties. 

The examiner is not trying to teach the invention but is merely trying to interpret the 
claim language in its broadest and reasonable meaning. The examiner will not interpret to read 
narrowly the claim language to read exactly from the specification, but will interpret the claim 
language in the broadest reasonable interpretation in view of the specification. Therefore, the 
examiner asserts that Jalili and Kumar do teach or suggest the subject matter broadly recited in 
independent Claims 1, 12, 23, and 34. Dependent Claims 2-6, 13-17, and 24-28 are also rejected
at least by virtue of their dependency on independent claims and by other reason set forth in this
office action. Accordingly, rejections for claims 1-6, 12-17, 23-28, and 34 are respectfully 
maintained. 

Claim Rejections - 35 USC §103 
The following is a quotation of 35 U.S.C 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-6, 12-17, 22-28, and 34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Jalili (6,209,104 B1) in view of Kumar (6,535,980).

In reference to claims 1, 12, and 23, Jalili discloses a method, apparatus, and computer
readable medium for verifying the legitimacy of an untrusted mechanism, comprising: 
submitting information to an untrusted mechanism. Receiving a response from the untrusted 
mechanism for each submission of either said first set of information or said second set of 
information (column 8 lines 1-15). Determining whether each response received from the
untrusted mechanism is a correct response (column 8 lines 5-14). In response to a determination
that any of the responses from the untrusted mechanism is an incorrect response, determining the 
untrusted mechanism to not be legitimate (column 8 lines 14-15). The response must be correct 
to be allowed access therefore an incorrect response would not allow access therefore indicating 
an illegitimate, or untrusted mechanism.

Although Jalili discloses submitting information to an untrusted mechanism, Jalili does
not disclose submitting a first set of information and a second set of information to an untrusted
mechanism in a sequence that is unpredictable to the untrusted mechanism.

Kumar discloses a method, apparatus, and computer readable medium for verifying the 
legitimacy of an untrusted mechanism, comprising: submitting a first set of information (correct 
responses) and a second set of information (incorrect responses) to an untrusted mechanism in a 
sequence that is unpredictable to the untrusted mechanism (column 3 lines 40-55). 

At the time the invention was made, it would have been obvious to a person of ordinary
skill in the art to submit data in a sequence that is unpredictable to the untrusted mechanism as in 
Kumar in the system of Jalili. One of ordinary skill in the art would have been motivated to do 
this because the challenge response is a suitable method for sending arbitrary messages in a 
secret fashion (Kumar column 2 lines 63-67). 

In reference to claims 2, 3, 13-14, 24, and 25, wherein said sequence is generated 
randomly. The sequence is generated using a random number generator (column 8 lines 20-32). 

In reference to claims 4, 15, and 26, although Jalili discloses submitting information to an
untrusted mechanism, Jalili does not disclose submitting a first set of information and a second set
of information to an untrusted mechanism in a sequence that is unpredictable to the untrusted 
mechanism. 

Kumar discloses a system wherein said sequence includes at least one submission of said 
first set of information and at least one submission of said second set of information (column 3 
lines 40-55).

At the time the invention was made, it would have been obvious to a person of ordinary
skill in the art to submit data in a sequence that is unpredictable to the untrusted mechanism as in 
Kumar in the system of Jalili. One of ordinary skill in the art would have been motivated to do 
this because the challenge response is a suitable method for sending arbitrary messages in a 
secret fashion (Kumar column 2 lines 63-67).

In reference to claims 5, 16, and 27, wherein said first set of information is designed to
solicit a first proper response from the untrusted mechanism, and said second set of information
is designed to solicit a second proper response from the untrusted mechanism, and wherein 
determining whether each response received from the untrusted mechanism is a correct response 
comprises: where the set of information submitted to the untrusted mechanism was said first set 
of information, determining whether the response from the untrusted mechanism is said first 
proper response (column 6 lines 31-49); and where the set of information submitted to the 
untrusted mechanism was said second set of information, determining whether the response from
the untrusted mechanism is said second proper response (column 8 lines 14-15). The first set of
information would be the information representing the user's password and the second set of 
information would be all the other information that does not represent the user's password. 

In reference to claims 6, 17, and 28, wherein said first proper response is an affirmative
response, and wherein said second proper response is a negative response (column 8 lines 14-15).

Allowable Subject Matter 
Claims 7-11, 18-22, and 29-33 are allowed.

Conclusion

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time
policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W. Klimach whose telephone number is (571) 272-3854.
The examiner can normally be reached on Mon to Thr 9:30 a.m. to 5:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu, can be reached on (571) 272-3859. The fax phone number for the
organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



PWK 

Monday, June 27, 2005